Sunday, January 09, 2011

An Internet ID for All Americans?

President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today.

It's "the absolute perfect spot in the U.S. government" to centralize efforts toward creating an "identity ecosystem" for the Internet, White House Cybersecurity Coordinator Howard Schmidt said.

That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies.

The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke.

The Obama administration is currently drafting what it's calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.)

"We are not talking about a national ID card," Locke said at the Stanford event. "We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities."

No, they're not talking about a national ID card, just an international internet ID.

Imagine. Anyone registered with such a cyber-ID who conferences with their doctor via a "secure server" can also be tracked by the government with such a mechanism.

And the issue of not needing more than one password? While convenient, the ramifications of multiple accounts being compromised if a data leak were to occur remains with such a mechanism.

But fear not:

Details about the "trusted identity" project are unusually scarce. Last year's announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions.

Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. "I don't have to get a credential if I don't want to," he said. There's no chance that "a centralized database will emerge," and "we need the private sector to lead the implementation of this," he said.

No doubt you won't have to be "credentialed" unless you want to use a government service. (They have to be sure you're a "trusted user," right?)

Thank you for this post, Wes. I had not seen this report, but I am interested in learning more about this subject. I do wonder how adding more functions to the federal government can seem like a good idea in light of our fiscal picture. It seems we should be subtracting, certainly before we start adding.

It's damned complicated and really deserves more thought and discussion than a blog affords. But should we determine that the government cannot track, ID or regulate will you accept the consequences when we suffer a devastating cyber attack, another building blown up, another plane blown up, an infiltrated port and a dirty bomb? The last time that happened we demanded a Homeland Security Act which gave (and they took) the DOJ, CIA, and Executive Branch enormous, intrusive, and IMO, illegal powers. I hated that and I don't want to carry a national ID (or have brown people carry them either). I don't understand what happened with the hacking of the Iranian nuclear sites but it is clear that we are terribly vunerable to some very bad things through cyberspace. What will be your position after we suffer an attack that could have greater damage than the bringing down of the World Trade Tower? I'm not in favor of pre-emptive war, and maybe I'm not in favor of pre-emptive cyber IDs. But this knee-jerk reaction of it's the government and therefore it's bad is not helpful. And sorry, but the "monitor and control us" is not a starting point of any informative discussion.

About Me

Westby G. Fisher, MD, FACC is a board certified internist, cardiologist, and cardiac electrophysiologist (doctor specializing in heart rhythm disorders) practicing at NorthShore University HealthSystem in Evanston, IL, USA and is a Clinical Associate Professor of Medicine at University of Chicago's Pritzker School of Medicine. He entered the blog-o-sphere in November, 2005.
DISCLAIMER: The opinions expressed in this blog are strictly the those of the author(s) and should not be construed as the opinion(s) or policy(ies) of NorthShore University HealthSystem, nor recommendations for your care or anyone else's. Please seek professional guidance instead.